GDPR compliance

Otomatico personalises messages sent by email in compliance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

In Spain, two separate regulations affect the sending of emails:

  1. LOPD (Organic Law on Data Protection):
    • To obtain emails, prior content is required.
    • Personal data may be collected only from publicly accessible sources.
    • It is necessary to inform about the source of the data and to provide a time limit to revoke consent.

In short, if you have the consent of the individual, you comply with the LOPD. Otherwise, emails must be obtained from specific sources to comply with the law.

  1. LSSICE (Law on Information Society Services and Electronic Commerce):

    • It is forbidden to send unrequested advertising communications.
    • Exceptions apply if there is a prior contractual relationship and the data has been obtained lawfully.

In short, if you have the recipient’s consent to receive emails, you are in compliance with the LSSICE. Otherwise, sending is permitted as long as the communication is not of a commercial nature.

It is essential to include the possibility to object to the processing of data for promotional purposes and to respect cancellation rights in all communications.

This process of regularisation is due to past abuses, and the AEPD’s interpretation focuses on preventing misuse and malicious use.


Otomatico uses the email addresses of its customers, i.e. under the domain of the company that contracts Otomatico’s services. We use personalised messages (email message body) that comply with current legislation. In addition, Otomatico’s customers can always request modifications to the messages sent by Otomatico via their domain.